Beta

GramGrow Trust Center

A public overview of privacy, security, integrations, data lifecycle, and AI transparency for the Telegram-first CRM.

Last updated: May 2, 2026

Privacy Imprint Terms DPA / AVV Subprocessors Security Telegram data flow

Trust model

GramGrow treats privacy and integrations as buying criteria, not legal afterthoughts. The public Trust Center links product behavior, legal notices, and operator-facing controls in one place.

Tenant-scoped data model with row-level access boundaries.
Encrypted provider secrets and no raw credential display in the browser.
Audit trails for sensitive data lifecycle and integration actions.

What customers can verify before launch

The launch trust checklist focuses on controls a buyer or workspace owner can inspect without relying on unsupported compliance slogans.

Tenant-scoped access: Workspace records use tenant-aware schema design, row-level access boundaries, and role checks for owner, admin, agent, and viewer workflows.
Encrypted provider secrets: Telegram, payment, ads, broker, and AI credentials stay server-side, are stored encrypted, and are represented in the UI through status and masked hints.
Audit and data lifecycle: Owners can generate tenant exports, review exclusions, file a deletion request, cancel it during the grace period, and keep security-relevant events auditable.
Telegram data flow documented: Public pages separate Telegram-controlled accounts and infrastructure from the GramGrow CRM workspace, bot credentials, stored records, and workflows.
AI provider control: AI features are workspace-configured assistive workflows; Telegram data must not be used to train, fine-tune, or generally improve AI/ML models.
Current limits are explicit: DPA/terms text, production hosting provider, SMTP/email provider, and destructive deletion evidence stay explicit until final operator review.

Tenant-scoped access

Implemented control

Workspace records use tenant-aware schema design, row-level access boundaries, and role checks for owner, admin, agent, and viewer workflows.

Encrypted provider secrets

No raw browser display

Telegram, payment, ads, broker, and AI credentials stay server-side, are stored encrypted, and are represented in the UI through status and masked hints.

Audit and data lifecycle

Owner-verifiable

Owners can generate tenant exports, review exclusions, file a deletion request, cancel it during the grace period, and keep security-relevant events auditable.

Telegram data flow documented

Public explanation

Public pages separate Telegram-controlled accounts and infrastructure from the GramGrow CRM workspace, bot credentials, stored records, and workflows.

AI provider control

No-training boundary

AI features are workspace-configured assistive workflows; Telegram data must not be used to train, fine-tune, or generally improve AI/ML models.

Current limits are explicit

Launch blocker visibility

DPA/terms text, production hosting provider, SMTP/email provider, and destructive deletion evidence stay explicit until final operator review.

Product controls users can verify

Workspace owners can inspect integration health, export tenant-scoped data, file a deletion request with a grace period, and review what is intentionally excluded from exports.

Current limits and review status

This page is product-truth documentation and must be reviewed by counsel before it is used as final legal advice.

Automatic destructive deletion is not claimed as complete on public pages until the deletion worker is armed and verified.